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DETAILED ACTION 

Response to Amendment 

1 . In the amendment filed on 5/5/2008, claims 13 and 15 have been cancelled. The 
currently pending claims considered below are Claims 1-3, 12, and 16. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-3, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gupta et al. (US Patent 7,206,844 B2) in view o f Kraenzel et al. (US Patent 
6,854,016 B1) 

As per claim 1, Gupta teaches "A process for executing a downloadable service 
with specific access rights to at least one profile file in a user's computer, said computer 
comprising a web browser communication to the Internet or intranet via a first 
communication port and socket," (see Abstract, column 5 lines 35-46, column 5 line 56 
- column 6 line 27) 

said process comprising: arranging a confined run time environment (column 10 
line 66 - column 1 1 line 11, column 13 lines 15-25, lines 34-53, column 17 lines 41-60, 
wherein the client executes application software by sending requests to the webtop 
server and executing proxy services) which is assigned a second communication port 
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and socket (Figure 3 reference 320, Figure 4A and 4B reference 408, 418, 428, column 
6 lines 48-67, column 7 lines 1 -8, column 1 0 lines 32-53, column 1 0 line 66 - column 1 1 
line 28, column 17 line 41 - column 18 line 13, wherein a webtop server can establish 
proxy services to satisfy a sandbox security scheme, the proxy service forwards service 
requests and responses) and provided with restricted access to at least one profile file; 
(column 7 lines 16-28, column 12 line 45 -column 13 line 32, column 20 lines 19-29, 
wherein a client profile is stored in a local webtop server connected to a client that is 
accessed by the webtop server, the profile determining accessible services) 

downloading said service through said second communication port so that it is 
received by said confined run time environment; (column 6 lines 11-27, column 10 lines 
32-53, column 19 lines 24-57, wherein applets and application software is received by a 
webtop server) 

and executing said service within said confined rum time environment whereby 
said service is given restricted access to said at least one profile file, (column 10 line 66 
- column 1 1 line 1 1 , column 13 lines 34-54, column 16 lines 9-19, column 17 lines 61 - 
14, wherein a webtop server installs application software based on the client executing 
application software) 

Gupta does not teach profile file that is located on the user's computer; 

Kraenzel teaches profile file that is located on the user's computer; (column12 
line 66 - column 1 3 line 35, column 1 8 lines 32-67, wherein a profile file resides in a 
client that is accessed when executing downloaded files) 
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It would have been obvious at the time of the invention for one of ordinary skill in 
the art to combine Gupta 's method of establishing a webtop server connected to a client 
to execute downloadable services based on profile information with Kraenzel 's method 
of storing profile information on a client computer. This gives the user the benefit of 
making the process of transferring and executing downloaded files more secure, since 
client information resides on the client, and allows for customizability based on profile 
information on the client. The motivation for doing so would be to provide a level of 
security and stability when downloading code from remote sources (column 2 lines 7- 
19) 

As per claim 2, Gupta teaches "said confined run time environment is an 
extended sandbox having restrictive access to said at least one profile file." (column 13 
lines 10-25) 

As per claim 3, Gupta teaches "the service is downloaded under the form of a 
set of java code containing class structures packaged within a signed archive file; the 
service comprising: remote Internet data, a list of requested data that are needed to 
personalise the service, and code to sort remote Internet data using requested 
accessible data." (column 13 lines 34-57, column 44-60, column 15 lines 32-53) 

As per claim 16, Gupta teaches "A process for executing a downloadable 
service with specific access rights to at least one profile file in a user's computer, said 
computer comprising a web browser communication to the Internet or intranet via a first 
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communication port and socket," (see Abstract, column 5 lines 35-46, column 5 line 56 
- column 6 line 27) 

said process comprising: arranging a confined run time environment in said 
user's computer, (column 10 line 66 - column 11 line 11, column 13 lines 15-25, lines 
34-53, column 17 lines 41-60, wherein the client executes application software by 
sending requests to the webtop server and executing proxy services) said confined run 
time environment being assigned a second communication port and socket (Figure 3 
reference 320, Figure 4A and 4B reference 408, 418, 428, column 6 lines 48-67, column 
7 lines 1 -8, column 1 0 lines 32-53, column 1 0 line 66 - column 11 line 28, column 1 7 
line 41 - column 18 line 13, wherein a webtop server can establish proxy services to 
satisfy a sandbox security scheme, the proxy service forwards service requests and 
responses) and provided with restricted access to at least one profile file that is located 
on the user's computer; (column 7 lines 16-28, column 12 line 45 - column 13 line 32, 
column 20 lines 19-29, wherein a client profile is stored in a local webtop server 
connected to a client that is accessed by the webtop server, the profile determining 
accessible services) 

"downloading said service through said second communication port so that it is 
received by said confined run time environment;" (column 6 lines 11-27, column 10 lines 
32-53, column 19 lines 24-57, wherein applets and application software is received by a 
webtop server) 

and executing said service within said confined rum time environment whereby 
said service is given restricted access to said at least one profile file, (column 10 line 66 
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-column 11 line 11, column 13 lines 34-54, column 16 lines 9-19, column 17 lines 61 - 
14, wherein a webtop server installs application software based on the client executing 
application software) 

Gupta does not teach a profile file that is located on the user's computer; 

Kraenzel teaches a profile file that is located on the user's computer; (column 12 
line 66 - column 13 line 35, column 18 lines 32-67, wherein a profile file resides in a 
client that is accessed when executing downloaded files) 

It would have been obvious at the time of the invention for one of ordinary skill in 
the art to combine Gupta 's method of establishing a webtop server connected to a client 
to execute downloadable services based on profile information with Kraenzel's method 
of storing profile information on a client computer. This gives the user the benefit of 
making the process of transferring and executing downloaded files more secure, since 
client information resides on the client, and allows for customizability based on profile 
information on the client. The motivation for doing so would be to provide a level of 
security and stability when downloading code from remote sources (column 2 lines 7- 
19) 



4. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gupta et 
al. (US Patent 7,206,844 B2) in view of Kraenzel et al. ( US Patent 6,708,221 B1) and 
further in view of Ian ( US Publication 2001/0045451 A1) 
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As per claim 12, Gupta in combination with Kraenzel discloses the claimed 
subject matter in claim 1 above. Gupta in combination with Kraenzel does not teach 
"said downloadable service is an authentication service cooperating with a smart card." 

Tan teaches "said downloadable service is an authentication service cooperating 
with a smart card." (Abstract, paragraph 0010, 0026, 0028, wherein the execution of 
downloaded service by a client is authentication using a smart card). It would have been 
obvious at the time of the invention for one of ordinary skill in the art to combine Gupta 's 
and Kraenzel 's combined method of remote execution of services from a server based 
on profile information with Tan 's ability to authenticate a user's identity using data in a 
smart card. This gives the user the benefit of portability when trying to securely access 
services remotely. The motivation for doing so would be to provide a more robust 
security system when a user utilizes the Internet to access secure data by improving 
management of access to web servers (paragraph 0005, 0007). 



Response to Arguments 

5. Applicant's arguments, see page 4, filed 5/5/2008, with respect to the rejection of 
claims 1-3, 12, 13, 15, and 16 in regards to 35 USC 103(a) have been fully considered 
but they are not persuasive. 

a. Examiner is entitled to give claim limitations their broadest reasonable 
interpretation in light of the specification. See MPEP 21 1 1 [R-l] 

Interpretation of Claims-Broadest Reasonable Interpretation 
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During patent examination, the pending claims must be 'given the 
broadest reasonable interpretation consistent with the specification.' Applicant 
always has the opportunity to amend the claims during prosecution and broad 
interpretation by the examiner reduces the possibility that the claim, once issued, 
will be interpreted more broadly than is justified. In re Prater, 162 USPQ 541,550- 
51 (CCPA1969). 

b. Applicant's arguments is stated as Gupta in view of Kraenzel does not 
disclose "arranging a confined run time environment which is assigned a second 
communication port and socket". 

In regards to this argument, Examiner respectfully disagrees. As 
interpreted by the examiner, the claim language of "arranging a confined run time 
environment in said user's computer" is read to mean that a confined run time 
environment is set up and organized by actions executed in the client computer. 
As stated in the above rejection, Gupta, in column 10 line 66 - column 1 1 line 11, 
column 13 lines 15-25, lines 34-53, column 17 lines 41-60 teaches that the client 
executes application software by sending requests to the webtop server and 
executing proxy services. As shown in Figure 4A and 4B, the webtop server, 
which executes and processes the application request, is part of a network of 
sites containing clients, and is accessed through a client tier. As seen in the cited 
figures, the webtop server and client work in a partnership on one side to access 
application servers, and the client as cited arranges for the webtop server to 



Application/Control Number: 10/616,582 Page 9 

Art Unit: 2168 

retrieve and store program software from application server, to be executed in a 
client (column 13 lines 34-54). Therefore, Gupta teaches arranging a confined 
run time environment. 

Additionally, Gupta, in the above rejection, and specifically in column 7 
lines 1-8 and column 17 line 41 - column 18 line 13 teaches that the application 
requests from a client is processed through a proxy, wherein a proxy's handle 
that is created by the webtop server, is utilized to specifically process a specific 
service. The proxy service is utilized by the system to determine forwarding and 
filtering of requests between the clients and webtop servers, and the application 
servers containing applications to be executed. The established proxy services 
satisfies a sandbox security scheme, the proxy service forwarding service 
requests and responses. As disclosed in column 10 lines 33-58, the link between 
a webtop server and the application server transfer data in specific channels of 
communications link, as determined by different protocols. Therefore, Gupta 
teaches assigning a second communication port and socket. 

c. Applicant's arguments is stated as Gupta in view of Kraenzel does not 
disclose restricted access to the user's profile. 

In regards to this argument, Examiner respectfully disagrees. Gupta, in 
column 7 lines 1 6-28, column 1 2 line 45 - column 1 3 line 32, column 20 lines 1 9- 
29, teaches a client profile is stored in a local webtop server connected to a client 
that is accessed by the webtop server, the profile determining accessible 
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services. Particularly, column 12 line 45 - column 13 line 32 teaches that a login 
service logs in a client and creates a cookie to track the client session, the cookie 
created and stored in the client computer that determine if the client has access 
to an application or network service. This is accomplished by sent by an applet 
once the user identity is determined. As disclosed in column 18 lines 6-13, the 
credential certificate used to verify the client allows access to multiple 
applications and network services, provided the client can access those 
application and network services. The security features of the system is further 
disclosed in column 20 lines 19-34, wherein an applet is determined to be trusted 
or untrusted, and it is determined how much access an application being 
executed on a webtop server has to the computer resources. Therefore, Gupta in 
view of Kraenzel teaches restricted access to the user's profile. 

d. Applicant's arguments is stated as Gupta in view of Kraenzel does not 
disclose "executing said service within said confined run time environment 
whereby said service is given restricted access to said at least one profile file" 
In regards to this argument, Examiner respectfully disagrees. Gupta, in 
column 1 0 line 66 - column 1 1 line 1 1 , column 1 3 lines 34-54, column 1 6 lines 9- 
19, column 17 lines 61-14, teaches that a webtop server installs application 
software based on the request of a client executing application software. 
Particularly, Gupta in column 1 0 line 66 - column 11 line 1 1 , teaches that the 
webtop server stores and caches application data that a client utilizes, the client 
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fetching application applets that is executed for the web service. As stated 
above, the client sets up a confined runtime environment in the webtop server, 
which is in contact with application servers containing application data. As further 
stated in column 13 lines 34-54, the application software that is determined to be 
safe in a webtop server is then downloaded to the client to be executed. 
Therefore, Gupta teaches executing said service within said confined run time 
environment whereby said service is given restricted access to said at least one 
profile file. 

e. Applicant's arguments is stated as Gupta in view of Kraenzel does not 
disclose that a profile file that is located on a user's computer, because the 
motivation for combining the references is based on hindsight and there is no 
motivation to combine the two references 

In response to applicant's argument that the examiner's conclusion of 
obviousness is based upon improper hindsight reasoning, it must be recognized 
that any judgment on obviousness is in a sense necessarily a reconstruction 
based upon hindsight reasoning. But so long as it takes into account only 
knowledge which was within the level of ordinary skill at the time the claimed 
invention was made, and does not include knowledge gleaned only from the 
applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 
443 F.2d 1392, 170 USPQ 209 (CCPA 1971). 
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In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be 
established by combining or modifying the teachings of the prior art to produce 
the claimed invention where there is some teaching, suggestion, or motivation to 
do so found either in the references themselves or in the knowledge generally 
available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1 071 , 5 
USPQ2d 1596 (Fed. Cir. 1988)and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 
(Fed. Cir. 1992). In this case, motivation can be found in the prior art of 
Kraenzel, column 2 lines 7-19, wherein permission and authorization is utilized 
for code and applets downloaded online, as the user profile found in the clients of 
Kraenzel is applied to the applet distribution system of Gupta. As further stated in 
Gupta, column 4 lines 8-21 , there is a need to ensure that code downloaded from 
another source does not corrupt the client, and security measures are needed. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DANGELINO N. GORTAYO whose telephone number is 
(571)272-7204. The examiner can normally be reached on M-F 7:30-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tim T. Vo can be reached on (571 )272-3642. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Dangelino N Gortayo/ /Tim T. Vo/ 

Examiner, Art Unit 2168 Supervisory Patent Examiner, Art 



Unit 2168 



Dangelino N. Gortayo 
Examiner 



Tim T. Vo 
SPE 
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